Electrical and Computer Engineering Dennis Goeckel University of Massachusetts Amherst This work is supported by the National Science Foundation under.

Similar presentations

Presentation on theme: "Electrical and Computer Engineering Dennis Goeckel University of Massachusetts Amherst This work is supported by the National Science Foundation under."— Presentation transcript:

1
Electrical and Computer Engineering Dennis Goeckel University of Massachusetts Amherst This work is supported by the National Science Foundation under Grants CNS-1019464, CCF-1249275, and ECCS-1309573. Everlasting Security and Undetectability in Wireless Communications ICNC Lecture February 6, 2014

2
2 Electrical and Computer Engineering Motivation Everlasting Secrecy: We are interested in keeping something secret forever. A challenge of cryptography (e.g. the VENONA project) is that recorded messages can be deciphered later. Undetectability: 1. A stronger form of security than any encryption: computational or information-theoretic. 2.Often more important than encryption: whom is talking to whom (so called “metadata”) From: The Guardian

3
3 Electrical and Computer Engineering The Alice-Bob-Eve Scenario in Wireless AliceBob Eve Building It might be Eve in the parking lot listening, or…. …it might be Eve in the building! Important Challenge: the “near Eve” problem… …and you very likely will not know where she is.

4
4 Electrical and Computer Engineering Computational Security (Cryptography) Eve can see the transmitted bits perfectly, but cannot solve the “hard” problem presented to her. Advantages: 1.Well-studied and efficient algorithms 2.Does not suffer from the “Near Eve” problem Disadvantages: 1.Implementations often broken (although the primitive is fine) 2.Computational assumptions on Eve 3.Message can be stored and decrypted later

5
5 Electrical and Computer Engineering Information-theoretic secrecy Information is encoded in such a way that Eve gets no information about the message…if the scenario is right Advantages: 1.No computational assumptions on Eve. 2.If the transmission is securely made, it is secure forever. Disadvantages (key part of this talk): Information-theoretic secrecy generally relies on a (known) advantage for Bob over Eve (e.g. less noisy). If that is not true, Eve gets the message today. Many would argue that we have traded a long-term computational risk for a short-term scenario risk…no thank you!

14
14 Electrical and Computer Engineering Diffie-Hellman: How could it be broken? 1.The discrete logarithm is not hard (unlikely?) This motivates approaches of “keyless security”, where what the eavesdropper receives does not contain enough information to (ever) decode the message…information-theoretic secrecy. I. Comp and IT security basics: (a) Diffie-Hellman (b) The wiretap channel (c) Wireless [Courtesy: C. Paar] 2. Somebody obtains the key in some other manner (e.g. side-channel analysis on power utilization of a processor). 3. Advances in computing [from: “wired.com”]

25
25 Electrical and Computer Engineering Wireless Channels: Path Loss d r A What happens to the transmitted wave on the way from the cell phone to the tower? Goes in all directions (broadcast) and the signal strength weakens. Let’s model it. T.S. Rappaport, Wireless Communications Note that the differences in received powers can be huge, for example, in a cell phone system: I. Comp and IT security basics: (a) Diffie-Hellman (b) The wiretap channel (c) Wireless

26
26 Electrical and Computer Engineering Small Scale: Multi-path Fading What happens to the signal on the way from the cell phone to the tower? It gets reflected by many objects and the reflections add up at the receiver. Example: Two paths of different lengths, signals arrive at slightly different times. One path is 100ft longer: 100ns difference (big deal?). Carrier might be at 1 GHz -> period 1ns (So, yes, big deal) Walk around the room while you speak on the phone -> the two signals keep adding up or canceling at the receiver as you move. Key: Varies 3 ways: 1.Spatially 2.Temporally 3.With frequency I. Comp and IT security basics: (a) Diffie-Hellman (b) The wiretap channel (c) Wireless

46
46 Electrical and Computer Engineering Potential Solutions: (a) Exploiting fading (b) 2-way comms (c) Rcvr hardware (d) Jamming (a) Public Discussion (b) Power modulation (Although they are not really competing techniques. Power modulation approach could be used under public discussion.) What if Eve picks up the transmitter?

57
57 Electrical and Computer Engineering S D Scenario: Source “S” wants to communicate securely with the destination “D” in the presence of M eavesdroppers (M=3 above) with the help of N relays (N=5) above. Step 1: Source broadcasts pilot. Relay i measures S -> R i channel, i=0,1,…N-1. Basic Idea: If you cannot hear somebody “talk”, then, by reciprocity, they will not be able to hear you. That allows you to be a jammer with little pain to the system when that person receives. Alice Bob Potential Solutions: (a) Exploiting fading (b) 2-way comms (c) Rcvr hardware (d) Jamming

65
65 Electrical and Computer Engineering 1.How much secret information can be shared by a network of wireless nodes in the presence of eavesdropper nodes? [Gupta/Kumar et al] The Network Scale: AliceBob Eve So far we have considered: But now we want to consider: 2.… and how many eavesdroppers can the network tolerate? Questions: Asymptotically-large networks: (a) Cooperative jamming (b) Network coding

69
69 Electrical and Computer Engineering So, the idea to connect each S-D pair through a sequence of many single-cell hops + one multi-hop jump until reaching D. Routing Algorithm: ××× But what if you don’t know where the eavesdroppers are? Asymptotically-large networks: (a) Cooperative jamming (b) Network coding Jamming works if you know where the eavesdroppers are.

78
78 Electrical and Computer Engineering Secure Network Coding A formal way to study a wiretap network. Start with a given graph representing the network. Some of the edges are tapped. s d a b Gives necessary and sufficient condition to go securely from s to d, and (if possible) tells you how to do it. Nice formal way to check secrecy capability, but wireless secrecy: we don’t have a graph. Tapped! [Cai and Yeung, 2002], [Jain 2004]

80
80 Electrical and Computer Engineering Toy Example 1 (Basic Two-way Scheme). An incoming connection can be very useful. This simple trick has an important implication for wireless secrecy. Two-way helps address the near eavesdropper problem 1) d generates a random message k and sends it to s. 2) s replies with (k is used as a one-time pad.) 3) d extracts x from c, k. e misses k, cannot decode x. Two nodes + one eavesdropper e catches whatever s says. An incoming secure edge is sufficient for secrecy.

81
81 Electrical and Computer Engineering Toy Example 2: s disconnected from both neighbors in both directions! Still hope? Disconnected! Four nodes on the corners of a square. Two eavesdroppers in the middle of two edges.

83
83 Electrical and Computer Engineering Back to Secrecy Capacity for the Main Result. Problem: near eavesdropper (SNR gap). We know how to address that: Two-way scheme ( evens out the SNR gap ) Remember, the problem here was: Near eavesdropper of unknown location.

84
84 Electrical and Computer Engineering Two-Dimensional Networks S again generates four packets w1, w2, w3, w4. But this time, does the two-way scheme with four relays to deliver these packets. Any Eve here misses k2 -> misses w2 Draining Phase: How we initiate at the source Routing Algorithm: Draining, routing, delivery No Eve can be in between for all four r-s pairs. Asymptotically-large networks: (a) Cooperative jamming (b) Network coding [Capar and Goeckel, 2012]

85
85 Electrical and Computer Engineering Two-Dimensional Networks Any Eve here misses k2 -> misses w2 Come from four directions. No Eve can be in between for all four r-s pairs. Asymptotically-large networks: (a) Cooperative jamming (b) Network coding Result: Network can tolerate any number of eavesdroppers of arbitrary location at the Gupta-Kumar per-pair throughput. Note: Importantly, the same technique can be used in practical networks that are: 1.sufficiently dense 2.add infrastructure

91
91 Electrical and Computer Engineering Results from Steganography: Problem: Modify characters in a cover text (message, picture, etc.) to convey secret message without detection. Results: 1. symbols can be modified in a cover text of length n symbols without detection. 2. bits of information can be encoded in those n symbols without detection But this is on a finite alphabet channel. What about a physical (e.g. wireless) channel? LPD Communications: (a) Emerging approaches (b) Experiment Covert Message

95
95 Electrical and Computer Engineering Main Result: The Square Root Law Consider a party Alice trying to communicate to Bob in the presence of a Warden Willie, with all channels AWGN: 1.Alice can send bits reliably to Bob with probability of detection at Willie 0. 2.Conversely, if Alice tries to send bits to Bob, one of the following occurs: Bob’s decoding error is bounded away from zero, or Alice’s transmission is detected with probability 1. or? Thanks! [Bash, Goeckel, Towsley, 2013] LPD Communications: (a) Emerging approaches (b) Experiment

99
99 Electrical and Computer Engineering Back of the Envelope Hence, the number of bits conveyed in n symbols is: (That is not quite rigorous, as Shannon capacity is for a fixed R as n goes to infinity.) But there is a simple workaround to finish the proof. LPD Communications: (a) Emerging approaches (b) Experiment

107
107 Electrical and Computer Engineering 2. If Willie does not know the time of the message: Slot 0Slot 1Slot 2Slot 3Slot T nnnnn Can transmit bits in n channel uses. Other Recent Advances in LPD Communications (For example, Alice-to-Bob secret: “I will send the message at 4:23pm today.”) Willie has to watch a much larger time interval. [Bash, Goeckel, Towsley, 2014]

110
110 Electrical and Computer Engineering Challenges for the Future 1. Biggest question: Is information-theoretic security in wireless just a waste of (mostly academic) resources? There are certainly lots of doubters: 1.“My problem with IT security is you can’t guarantee it.” -Andrew Worthen, MIT-LL 2.“If cryptographic security primitives are broken, the world collapses with or without IT security.” -Dakshi Agrawal, IBM-Watson 3.… Is it only used in a defense-in-depth approach under cryptographic stuff? But then is there really value-added? 2. Undetectable Communications: Can we build “shadow networks”?